forked from 0k/0k-charms
Valentin Lab
6 years ago
15 changed files with 706 additions and 0 deletions
-
2apache/lib/common
-
94peertube/README.org
-
20peertube/build/.env
-
100peertube/build/Dockerfile
-
26peertube/build/dbname.patch
-
73peertube/build/docker-compose.yml
-
87peertube/hooks/init
-
25peertube/hooks/postgres_database-relation-joined
-
24peertube/hooks/redis_database-relation-joined
-
22peertube/hooks/web_proxy-relation-joined
-
135peertube/metadata.yml
-
18redis/build/Dockerfile
-
59redis/hooks/init
-
12redis/hooks/redis_database-relation-joined
-
9redis/metadata.yml
@ -0,0 +1,94 @@ |
|||||
|
#+PROPERTY: Effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d |
||||
|
#+PROPERTY: Max_effort_ALL 0 0:30 1:00 2:00 0.5d 1d 1.5d 2d 3d 4d 5d |
||||
|
#+PROPERTY: header-args:python :var filename=(buffer-file-name) |
||||
|
#+PROPERTY: header-args:sh :var filename=(buffer-file-name) |
||||
|
#+TODO: TODO WIP BLOCKED | DONE CANCELED |
||||
|
#+LATEX_HEADER: \usepackage[margin=0.5in]{geometry} |
||||
|
#+LaTeX_CLASS: article |
||||
|
#+OPTIONS: H:8 ^:nil prop:("Effort" "Max_effort") tags:not-in-toc |
||||
|
#+COLUMNS: %50ITEM %Effort(Min Effort) %Max_effort(Max Effort) |
||||
|
|
||||
|
#+begin_LaTeX |
||||
|
\hypersetup{ |
||||
|
linkcolor=blue, |
||||
|
pdfborder={0 0 0 0} |
||||
|
} |
||||
|
#+end_LaTeX |
||||
|
|
||||
|
#+TITLE: Peertube charm management |
||||
|
|
||||
|
#+LATEX: \pagebreak |
||||
|
|
||||
|
Keep information related to the usage and the development of the charm. |
||||
|
|
||||
|
#+LATEX: \pagebreak |
||||
|
|
||||
|
#+LATEX: \pagebreak |
||||
|
|
||||
|
* Todos |
||||
|
|
||||
|
** TODO Logrotatability |
||||
|
|
||||
|
Peertube uses ``winston`` nodejs logging mecanism, and has what I |
||||
|
understand, hard-written transports to file: |
||||
|
|
||||
|
Content of =server/helpers/logger.ts= |
||||
|
#+BEGIN_SRC ts |
||||
|
... |
||||
|
const logger = winston.createLogger({ |
||||
|
level: CONFIG.LOG.LEVEL, |
||||
|
format: winston.format.combine( |
||||
|
labelFormatter, |
||||
|
winston.format.splat() |
||||
|
), |
||||
|
transports: [ |
||||
|
new winston.transports.File({ |
||||
|
filename: path.join(CONFIG.STORAGE.LOG_DIR, 'peertube.log'), |
||||
|
handleExceptions: true, |
||||
|
maxsize: 1024 * 1024 * 12, |
||||
|
maxFiles: 5, |
||||
|
format: winston.format.combine( |
||||
|
winston.format.timestamp(), |
||||
|
jsonLoggerFormat |
||||
|
) |
||||
|
}), |
||||
|
new winston.transports.Console({ |
||||
|
handleExceptions: true, |
||||
|
format: winston.format.combine( |
||||
|
timestampFormatter, |
||||
|
winston.format.colorize(), |
||||
|
consoleLoggerFormat |
||||
|
) |
||||
|
}) |
||||
|
], |
||||
|
exitOnError: true |
||||
|
}) |
||||
|
|
||||
|
#+END_SRC |
||||
|
|
||||
|
This will ensure some part of the rotation. Which is bad. |
||||
|
|
||||
|
We don't want peertube to manage the logs. So depending on what we |
||||
|
want to do in the future with the managing of logs, I'll need to patch |
||||
|
peertube to probably use only stdout, and/or send it to rsyslog. |
||||
|
|
||||
|
For now, situation of log rotation with all charm is using logrotate, |
||||
|
but I know this might not be the perfect solution as I'd like to stick |
||||
|
to =logs are streams=, and avoid having to find mecanism of reloading |
||||
|
application after rotation. |
||||
|
|
||||
|
A good solution would be to use the stdout/stderr of the application, |
||||
|
and have a generic solution using ``docker logs`` json output. |
||||
|
** TODO changing root password |
||||
|
|
||||
|
This will probably require also a patch, as the password is set for |
||||
|
user 'root' automatically and is to be read in the logs (duh !). |
||||
|
|
||||
|
We can't initialise the application (and ask for postgres table, and |
||||
|
root user to be created, then quit). So we can't do that in the |
||||
|
=hooks/init= script in a reasonable manner. |
||||
|
|
||||
|
There is a special ``npm run reset-password`` with odd arguments that |
||||
|
can reset root password, only if database already populated. |
||||
|
|
||||
|
I need a patch to simply set password from base server configuration. |
@ -0,0 +1,20 @@ |
|||||
|
PEERTUBE_DB_USERNAME=postgres_user |
||||
|
PEERTUBE_DB_PASSWORD=postgres_password |
||||
|
PEERTUBE_WEBSERVER_HOSTNAME=domain.tld |
||||
|
PEERTUBE_WEBSERVER_PORT=443 |
||||
|
PEERTUBE_WEBSERVER_HTTPS=true |
||||
|
# If you need more than one IP as trust_proxy |
||||
|
# pass them as a comma separated array: |
||||
|
PEERTUBE_TRUST_PROXY=["127.0.0.1"] |
||||
|
#PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "192.168.1.0/24"] |
||||
|
PEERTUBE_SMTP_USERNAME= |
||||
|
PEERTUBE_SMTP_PASSWORD= |
||||
|
PEERTUBE_SMTP_HOSTNAME=postfix |
||||
|
PEERTUBE_SMTP_PORT=25 |
||||
|
PEERTUBE_SMTP_FROM=noreply@domain.tld |
||||
|
PEERTUBE_SMTP_TLS=true |
||||
|
PEERTUBE_SMTP_DISABLE_STARTTLS=false |
||||
|
PEERTUBE_ADMIN_EMAIL=admin@domain.tld |
||||
|
# /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\ |
||||
|
#PEERTUBE_SIGNUP_ENABLED=true |
||||
|
#PEERTUBE_TRANSCODING_ENABLED=true |
@ -0,0 +1,100 @@ |
|||||
|
FROM alpine:3.7 AS common |
||||
|
|
||||
|
RUN apk add gnupg ffmpeg |
||||
|
|
||||
|
# Add peertube user |
||||
|
RUN addgroup -S peertube && \ |
||||
|
adduser -S -G peertube -h /var/lib/peertube peertube |
||||
|
|
||||
|
|
||||
|
FROM common AS builder |
||||
|
|
||||
|
## |
||||
|
## Download target release |
||||
|
## |
||||
|
|
||||
|
ENV PEERTUBE_RELEASE=v1.1.0 |
||||
|
|
||||
|
|
||||
|
RUN apk add wget |
||||
|
COPY ./*.patch /tmp |
||||
|
RUN mkdir -p /opt/apps/peertube && \ |
||||
|
cd /opt/apps/peertube && \ |
||||
|
wget https://github.com/Chocobozzz/PeerTube/releases/download/${PEERTUBE_RELEASE}/peertube-${PEERTUBE_RELEASE}.tar.xz && \ |
||||
|
tar -xJf peertube-${PEERTUBE_RELEASE}.tar.xz && \ |
||||
|
rm peertube-${PEERTUBE_RELEASE}.tar.xz && \ |
||||
|
mv peertube-${PEERTUBE_RELEASE}/* . && \ |
||||
|
rmdir peertube-${PEERTUBE_RELEASE} && \ |
||||
|
cat /tmp/*.patch | patch -p1 && \ |
||||
|
mkdir -p /etc/peertube /var/lib/peertube && \ |
||||
|
ln -sf /var/lib/peertube /opt/apps/peertube/storage |
||||
|
|
||||
|
RUN apk add yarn ## Build command |
||||
|
RUN apk add git build-base python bash ## Build deps |
||||
|
|
||||
|
RUN chown -R peertube:peertube /opt/apps/peertube |
||||
|
|
||||
|
USER peertube |
||||
|
|
||||
|
RUN cd /opt/apps/peertube && \ |
||||
|
yarn install --production --pure-lockfile && \ |
||||
|
yarn cache clean |
||||
|
|
||||
|
## XXXvlab: without this in current docker version, it'll |
||||
|
## permeate in next image to be built. |
||||
|
USER root |
||||
|
|
||||
|
# RUN apk add nodejs yarn |
||||
|
# |
||||
|
## Source build (very long) |
||||
|
# |
||||
|
# ## To download source |
||||
|
# RUN apk add git |
||||
|
# RUN git clone https://github.com/chocobozzz/PeerTube /tmp/peertube --depth 1 |
||||
|
|
||||
|
# ## for installation of dependencies |
||||
|
# RUN apk add build-base python |
||||
|
# RUN cd /tmp/peertube && \ |
||||
|
# yarn install --pure-lockfile |
||||
|
|
||||
|
# ## for scripts run by ``npm run build`` |
||||
|
# RUN apk add bash |
||||
|
# RUN cd /tmp/peertube && \ |
||||
|
# npm run build |
||||
|
|
||||
|
# RUN cd /tmp/peertube && \ |
||||
|
# rm -r ./node_modules ./client/node_modules && \ |
||||
|
# yarn install --pure-lockfile --production && \ |
||||
|
# yarn cache clean |
||||
|
|
||||
|
|
||||
|
FROM common |
||||
|
|
||||
|
# Install PeerTube |
||||
|
COPY --from=builder /opt/apps/peertube /opt/apps/peertube |
||||
|
|
||||
|
|
||||
|
# RUN mkdir -p /var/lib/peertube /etc/peertube && \ |
||||
|
# chown -R peertube:peertube /var/lib/peertube /etc/peertube |
||||
|
|
||||
|
# ENV PEERTUBE_APP_DIR=/opt/apps/peertube |
||||
|
# ENV PEERTUBE_DATA_DIR=/var/lib/peertube |
||||
|
|
||||
|
## This is important to set config dir of peertube |
||||
|
ENV NODE_CONFIG_DIR=/etc/peertube |
||||
|
ENV NODE_ENV=prod |
||||
|
|
||||
|
VOLUME /var/lib/peertube |
||||
|
VOLUME /etc/peertube |
||||
|
|
||||
|
EXPOSE 9000 |
||||
|
|
||||
|
RUN apk add nodejs-npm |
||||
|
|
||||
|
## runtime deps |
||||
|
RUN apk add openssl |
||||
|
|
||||
|
USER peertube |
||||
|
WORKDIR /opt/apps/peertube |
||||
|
|
||||
|
CMD ["npm", "start"] |
@ -0,0 +1,26 @@ |
|||||
|
diff --git a/dist/server/initializers/checker-before-init.js b/dist/server/initializers/checker-before-init.js
|
||||
|
index 7ff18d0..c75dff2 100644
|
||||
|
--- a/dist/server/initializers/checker-before-init.js
|
||||
|
+++ b/dist/server/initializers/checker-before-init.js
|
||||
|
@@ -15,7 +15,7 @@ function checkMissedConfig() {
|
||||
|
const required = ['listen.port', 'listen.hostname', |
||||
|
'webserver.https', 'webserver.hostname', 'webserver.port', |
||||
|
'trust_proxy', |
||||
|
- 'database.hostname', 'database.port', 'database.suffix', 'database.username', 'database.password', 'database.pool.max',
|
||||
|
+ 'database.hostname', 'database.port', 'database.dbname', 'database.username', 'database.password', 'database.pool.max',
|
||||
|
'smtp.hostname', 'smtp.port', 'smtp.username', 'smtp.password', 'smtp.tls', 'smtp.from_address', |
||||
|
'storage.avatars', 'storage.videos', 'storage.logs', 'storage.previews', 'storage.thumbnails', 'storage.torrents', 'storage.cache', |
||||
|
'log.level', |
||||
|
diff --git a/dist/server/initializers/constants.js b/dist/server/initializers/constants.js
|
||||
|
index d5a3350..7efaabd 100644
|
||||
|
--- a/dist/server/initializers/constants.js
|
||||
|
+++ b/dist/server/initializers/constants.js
|
||||
|
@@ -143,7 +143,7 @@ const CONFIG = {
|
||||
|
HOSTNAME: config.get('listen.hostname') |
||||
|
}, |
||||
|
DATABASE: { |
||||
|
- DBNAME: 'peertube' + config.get('database.suffix'),
|
||||
|
+ DBNAME: config.get('database.dbname'),
|
||||
|
HOSTNAME: config.get('database.hostname'), |
||||
|
PORT: config.get('database.port'), |
||||
|
USERNAME: config.get('database.username'), |
@ -0,0 +1,73 @@ |
|||||
|
version: "3.3" |
||||
|
|
||||
|
services: |
||||
|
|
||||
|
reverse-proxy: |
||||
|
image: traefik |
||||
|
command: --docker # Tells Træfik to listen to docker |
||||
|
ports: |
||||
|
- "80:80" # The HTTP port |
||||
|
- "443:443" # The HTTPS port |
||||
|
volumes: |
||||
|
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events |
||||
|
- ./docker-volume/traefik/acme.json:/etc/acme.json |
||||
|
- ./docker-volume/traefik/traefik.toml:/traefik.toml |
||||
|
restart: "always" |
||||
|
# If you want to use the Traefik dashboard, you should expose it on a |
||||
|
# subdomain with HTTPS and authentification: |
||||
|
# https://medium.com/@xavier.priour/secure-traefik-dashboard-with-https-and-password-in-docker-5b657e2aa15f |
||||
|
# https://github.com/containous/traefik/issues/880#issuecomment-310301168 |
||||
|
|
||||
|
peertube: |
||||
|
# If you don't want to use the official image and build one from sources |
||||
|
# build: |
||||
|
# context: . |
||||
|
# dockerfile: ./support/docker/production/Dockerfile.stretch |
||||
|
image: chocobozzz/peertube:production-stretch |
||||
|
env_file: |
||||
|
- .env |
||||
|
# Traefik labels are suggested as an example for people using Traefik, |
||||
|
# remove them if you are using another reverse proxy. |
||||
|
labels: |
||||
|
traefik.enable: "true" |
||||
|
traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}" |
||||
|
traefik.port: "9000" |
||||
|
# If you don't want to use a reverse proxy (not suitable for production!) |
||||
|
# ports: |
||||
|
# - "80:9000" |
||||
|
volumes: |
||||
|
- ./docker-volume/data:/data |
||||
|
- ./docker-volume/config:/config |
||||
|
depends_on: |
||||
|
- postgres |
||||
|
- redis |
||||
|
- postfix |
||||
|
restart: "always" |
||||
|
|
||||
|
postgres: |
||||
|
image: postgres:10-alpine |
||||
|
environment: |
||||
|
POSTGRES_USER: ${PEERTUBE_DB_USERNAME} |
||||
|
POSTGRES_PASSWORD: ${PEERTUBE_DB_PASSWORD} |
||||
|
POSTGRES_DB: peertube |
||||
|
volumes: |
||||
|
- ./docker-volume/db:/var/lib/postgresql/data |
||||
|
restart: "always" |
||||
|
labels: |
||||
|
traefik.enable: "false" |
||||
|
|
||||
|
redis: |
||||
|
image: redis:4-alpine |
||||
|
volumes: |
||||
|
- ./docker-volume/redis:/data |
||||
|
restart: "always" |
||||
|
labels: |
||||
|
traefik.enable: "false" |
||||
|
|
||||
|
postfix: |
||||
|
image: mwader/postfix-relay |
||||
|
environment: |
||||
|
- POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME} |
||||
|
labels: |
||||
|
traefik.enable: "false" |
||||
|
restart: "always" |
@ -0,0 +1,87 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## Init is run on host |
||||
|
## For now it is run every time the script is launched, but |
||||
|
## it should be launched only once after build. |
||||
|
|
||||
|
## Accessible variables are: |
||||
|
## - SERVICE_NAME Name of current service |
||||
|
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any |
||||
|
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service |
||||
|
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service |
||||
|
|
||||
|
set -e |
||||
|
|
||||
|
peertube_uid=$(docker_get_uid "$SERVICE_NAME" "peertube") |
||||
|
|
||||
|
PEERTUBE_APP_DIR=/opt/apps/peertube |
||||
|
PEERTUBE_DATA_DIR=/var/lib/peertube |
||||
|
PEERTUBE_LOG_DIR=/var/log/peertube |
||||
|
PEERTUBE_CACHE_DIR=/var/cache/peertube |
||||
|
PEERTUBE_CONFIG_DIR=/etc/peertube |
||||
|
|
||||
|
HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR |
||||
|
HOST_DATA_DIR=$SERVICE_DATASTORE/$PEERTUBE_DATA_DIR |
||||
|
|
||||
|
|
||||
|
mkdir -p "$HOST_CONFIG_DIR" |
||||
|
|
||||
|
## Always copy default and custom env configuration file, in cases where new keys were added |
||||
|
ln -sf "$PEERTUBE_APP_DIR"/config/default.yaml "$HOST_CONFIG_DIR" |
||||
|
|
||||
|
|
||||
|
cat <<EOF > "$HOST_CONFIG_DIR/local.yaml" |
||||
|
|
||||
|
listen: |
||||
|
hostname: '0.0.0.0' |
||||
|
port: 9000 |
||||
|
|
||||
|
storage: |
||||
|
|
||||
|
avatars: '$PEERTUBE_DATA_DIR/avatars/' |
||||
|
videos: '$PEERTUBE_DATA_DIR/videos/' |
||||
|
redundancy: '$PEERTUBE_DATA_DIR/redundancy/' |
||||
|
previews: '$PEERTUBE_DATA_DIR/previews/' |
||||
|
thumbnails: '$PEERTUBE_DATA_DIR/thumbnails/' |
||||
|
torrents: '$PEERTUBE_DATA_DIR/torrents/' |
||||
|
captions: '$PEERTUBE_DATA_DIR/captions/' |
||||
|
|
||||
|
logs: '/var/log/peertube/' |
||||
|
|
||||
|
cache: '/var/cache/peertube/' |
||||
|
tmp: '/var/tmp/peertube/' |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
|
||||
|
VALID_SECTION=( |
||||
|
instance services import transcoding |
||||
|
user signup admin cache redundancy |
||||
|
trending search log |
||||
|
) |
||||
|
for section in "${VALID_SECTION[@]}"; do |
||||
|
if val=$(options-get "$section" 2>/dev/null); then |
||||
|
yaml_key_val_str "$section" "$val" |
||||
|
fi |
||||
|
done >> "$HOST_CONFIG_DIR/local.yaml" |
||||
|
|
||||
|
if ! [ -e "$HOST_DATA_DIR/config.json" ]; then |
||||
|
touch "$HOST_DATA_DIR/config.json" |
||||
|
fi |
||||
|
|
||||
|
ln -sf "$PEERTUBE_DATA_DIR"/config.json "$HOST_CONFIG_DIR/local-prod.json" |
||||
|
|
||||
|
|
||||
|
dirs=(/var/tmp/peertube /var/cache/peertube |
||||
|
"$PEERTUBE_CACHE_DIR" "$PEERTUBE_LOG_DIR" "$PEERTUBE_DATA_DIR") |
||||
|
host_dirs=() |
||||
|
for dir in "${dirs[@]}"; do |
||||
|
host_dirs+=("$SERVICE_DATASTORE$dir") |
||||
|
done |
||||
|
|
||||
|
mkdir -p "${host_dirs[@]}" |
||||
|
find "${host_dirs[@]}" \! -user "$peertube_uid" \ |
||||
|
-exec chown -v "$peertube_uid" {} + || true |
||||
|
|
||||
|
|
||||
|
true |
@ -0,0 +1,25 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set -e |
||||
|
|
||||
|
PEERTUBE_CONFIG_DIR=/etc/peertube |
||||
|
|
||||
|
HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR |
||||
|
|
||||
|
PASSWORD="$(relation-get password)" |
||||
|
USER="$(relation-get user)" |
||||
|
DBNAME="$(relation-get dbname)" |
||||
|
|
||||
|
cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml" |
||||
|
|
||||
|
database: |
||||
|
hostname: '$TARGET_SERVICE_NAME' |
||||
|
## We had to patch peertube to have a direct dbname (doh!) |
||||
|
dbname: '$DBNAME' |
||||
|
port: 5432 |
||||
|
username: '$USER' |
||||
|
password: '$PASSWORD' |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
@ -0,0 +1,24 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set -e |
||||
|
|
||||
|
PEERTUBE_CONFIG_DIR=/etc/peertube |
||||
|
|
||||
|
HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR |
||||
|
|
||||
|
password=$(relation-get password) || { |
||||
|
err "Can't get password for '$SERVICE_NAME' from '$TARGET_SERVICE_NAME'." |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml" |
||||
|
|
||||
|
## XXXvlab: to be added by redis relation |
||||
|
redis: |
||||
|
hostname: '$TARGET_SERVICE_NAME' |
||||
|
port: 6379 |
||||
|
auth: $password |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
@ -0,0 +1,22 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set -e |
||||
|
|
||||
|
PEERTUBE_CONFIG_DIR=/etc/peertube |
||||
|
|
||||
|
HOST_CONFIG_DIR=$SERVICE_CONFIGSTORE/$PEERTUBE_CONFIG_DIR |
||||
|
|
||||
|
domain=$(relation-get domain) || { |
||||
|
err "Can't get domain value." |
||||
|
exit 1 |
||||
|
} |
||||
|
cat <<EOF >> "$HOST_CONFIG_DIR/local.yaml" |
||||
|
|
||||
|
webserver: |
||||
|
https: true |
||||
|
hostname: '$domain' |
||||
|
port: 443 |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
@ -0,0 +1,135 @@ |
|||||
|
description: "PeerTube Server" |
||||
|
maintainer: "Valentin Lab <valentin.lab@kalysto.org>" |
||||
|
## XXXvlab: docker uses the 'build' directory or the 'image:' option here. |
||||
|
#docker-image: chocobozzz/peertube:production-stretch ## YYY: to save in our docker-registry |
||||
|
data-resources: |
||||
|
- /var/lib/peertube |
||||
|
- /var/log/peertube |
||||
|
- /var/cache/peertube |
||||
|
config-resources: |
||||
|
- /etc/peertube |
||||
|
|
||||
|
## XXXvlab: options here are the one provided to the server as |
||||
|
## defaults BUT that can be changed from within the web |
||||
|
## interface. |
||||
|
default-options: |
||||
|
# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag |
||||
|
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. |
||||
|
# Please, do not disable transcoding since many uploaded videos will not work |
||||
|
transcoding: |
||||
|
enabled: true |
||||
|
threads: 1 |
||||
|
resolutions: # Only created if the original video has a higher resolution, uses more storage! |
||||
|
240p: true |
||||
|
360p: true |
||||
|
480p: true |
||||
|
720p: true |
||||
|
1080p: true |
||||
|
|
||||
|
import: |
||||
|
# Add ability for your users to import remote videos (from YouTube, torrent...) |
||||
|
videos: |
||||
|
http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html |
||||
|
enabled: true |
||||
|
torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) |
||||
|
enabled: true |
||||
|
|
||||
|
signup: |
||||
|
enabled: true |
||||
|
|
||||
|
|
||||
|
uses: |
||||
|
postgres-database: |
||||
|
constraint: required |
||||
|
auto: summon |
||||
|
solves: |
||||
|
database: "main storage" |
||||
|
default-options: |
||||
|
extensions: |
||||
|
- pg_trgm |
||||
|
- unaccent |
||||
|
redis-database: |
||||
|
constraint: required |
||||
|
auto: summon |
||||
|
solves: |
||||
|
database: "short time storage" |
||||
|
# log-rotate: |
||||
|
# constraint: recommended |
||||
|
# auto: pair |
||||
|
# solves: |
||||
|
# disk-leak: "/var/log/peertube" |
||||
|
web-proxy: |
||||
|
constraint: required |
||||
|
auto: pair |
||||
|
solves: |
||||
|
proxy: "Public access" |
||||
|
default-options: |
||||
|
apache-custom-rules: |
||||
|
- | |
||||
|
## From https://gist.github.com/rigelk/07a0b8963fa4fc1ad756374c28479bc7 |
||||
|
|
||||
|
Protocols h2 http/1.1 |
||||
|
|
||||
|
# HSTS (mod_headers is required) (63072000 seconds = 2 years) (only activate it knowingly) |
||||
|
#Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" |
||||
|
|
||||
|
Header always set X-Content-Type-Options nosniff |
||||
|
Header always set X-Robots-Tag none |
||||
|
Header always set X-XSS-Protection "1; mode=block" |
||||
|
|
||||
|
# Hard limit, PeerTube does not support videos > 4GB |
||||
|
LimitRequestBody 4294967294 |
||||
|
|
||||
|
# Set caching on assets for 1 year |
||||
|
<FilesMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$> |
||||
|
Header append Cache-Control "public, max-age=31536000, immutable" |
||||
|
</FilesMatch> |
||||
|
AliasMatch ^/client/(.*\.(js|css|woff2|otf|ttf|woff|eot))$ /var/www/peertube/peertube-latest/client/dist/$1 |
||||
|
|
||||
|
# Set caching on image files for 1 year |
||||
|
<FilesMatch ^/static/(thumbnails|avatars)/(.*)$> |
||||
|
Header append Cache-Control "public, max-age=31536000, immutable" |
||||
|
</FilesMatch> |
||||
|
AliasMatch ^/static/(thumbnails|avatars)/(.*)$ /var/www/peertube/storage/$1/$2 |
||||
|
|
||||
|
# Bypass PeerTube webseed route for better performances |
||||
|
Alias /static/webseed /var/www/peertube/storage/videos |
||||
|
<Location /static/webseed> |
||||
|
# Clients usually have 4 simultaneous webseed connections, so the real limit is 3MB/s per client |
||||
|
SetOutputFilter RATE_LIMIT |
||||
|
SetEnv rate-limit 800 |
||||
|
|
||||
|
SetEnvIf Request_Method "GET" GETMETH=1 |
||||
|
|
||||
|
Header set Access-Control-Allow-Origin "*" env=GETMETH |
||||
|
Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=GETMETH |
||||
|
Header set Access-Control-Allow-Methods "GET, OPTIONS" env=GETMETH |
||||
|
Header set toto "foo" env=GETMETH |
||||
|
SetEnvIf GETMETH "1" dontlog |
||||
|
|
||||
|
SetEnvIf Request_Method "OPTIONS" OPTIONSMETH=1 |
||||
|
|
||||
|
Header set Access-Control-Allow-Origin "*" env=OPTIONSMETH |
||||
|
Header set Access-Control-Allow-Headers "Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type" env=OPTIONSMETH |
||||
|
Header set Access-Control-Allow-Methods "GET, OPTIONS" env=OPTIONSMETH |
||||
|
Header set Access-Control-Max-Age "1000" env=OPTIONSMETH |
||||
|
Header set Content-Type "text/plain charset=UTF-8" env=OPTIONSMETH |
||||
|
Header set Content-Length "0" env=OPTIONSMETH |
||||
|
</Location> |
||||
|
|
||||
|
<Location /videos/embed> |
||||
|
Header unset X-Frame-Options |
||||
|
</Location> |
||||
|
|
||||
|
ProxyPreserveHost On |
||||
|
ProxyRequests On |
||||
|
ProxyTimeout 600 |
||||
|
|
||||
|
# Websocket tracker |
||||
|
RewriteEngine On |
||||
|
RewriteCond %{HTTP:Upgrade} websocket [NC] |
||||
|
RewriteRule /(.*) ws://127.0.0.1:9000/$1 [P,L] |
||||
|
|
||||
|
# <Location /> |
||||
|
# ProxyPass http://127.0.0.1:9000/ |
||||
|
# </Location> |
@ -0,0 +1,18 @@ |
|||||
|
## is a simple copy of postgres:10-alpine |
||||
|
FROM docker.0k.io/alpine:3.7 as common |
||||
|
|
||||
|
RUN apk add redis |
||||
|
|
||||
|
RUN mkdir -p /var/lib/redis |
||||
|
RUN chown -R redis:redis /var/lib/redis |
||||
|
|
||||
|
RUN echo -e "include /etc/redis-local.conf\n" >> /etc/redis.conf |
||||
|
|
||||
|
VOLUME ["/var/lib/redis"] |
||||
|
|
||||
|
# Expose the ports for redis |
||||
|
EXPOSE 6379 |
||||
|
|
||||
|
USER redis |
||||
|
|
||||
|
ENTRYPOINT ["redis-server", "/etc/redis.conf"] |
@ -0,0 +1,59 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## Init is run on host |
||||
|
## For now it is run every time the script is launched, but |
||||
|
## it should be launched only once after build. |
||||
|
|
||||
|
## Accessible variables are: |
||||
|
## - SERVICE_NAME Name of current service |
||||
|
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any |
||||
|
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service |
||||
|
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service |
||||
|
|
||||
|
set -e |
||||
|
|
||||
|
uid=$(docker_get_uid "$SERVICE_NAME" "redis") |
||||
|
|
||||
|
CONFIG=$SERVICE_CONFIGSTORE/etc/redis-local.conf |
||||
|
|
||||
|
PASSWORD=$(options-get password 2>/dev/null) || { |
||||
|
if [ -e "$CONFIG" ]; then |
||||
|
PASSWORD=$(grep ^requirepass "$CONFIG" | sed -r 's/^requirepass\s+(.+)$/\1/g') |
||||
|
fi |
||||
|
if [ -z "$ADMIN_PASSWORD" ]; then |
||||
|
info "Generating odoo admin password" |
||||
|
PASSWORD=$(gen_password 64) |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
|
||||
|
|
||||
|
mkdir -p "$(dirname "$CONFIG")" |
||||
|
cat <<EOF > "$CONFIG" |
||||
|
daemonize no |
||||
|
loglevel notice |
||||
|
logfile "" |
||||
|
bind 0.0.0.0 |
||||
|
requirepass $PASSWORD |
||||
|
|
||||
|
EOF |
||||
|
chown -v "$uid" "$CONFIG" |
||||
|
|
||||
|
|
||||
|
dirs=(/var/log/redis /var/lib/redis) |
||||
|
host_dirs=() |
||||
|
for dir in "${dirs[@]}"; do |
||||
|
host_dirs+=("$SERVICE_DATASTORE$dir") |
||||
|
done |
||||
|
|
||||
|
mkdir -p "${host_dirs[@]}" |
||||
|
find "${host_dirs[@]}" \! -user "$uid" \ |
||||
|
-exec chown -v "$uid" {} + || true |
||||
|
|
||||
|
|
||||
|
config_hash=$(cat "$CONFIG" | md5_compat) || exit 1 |
||||
|
init-config-add " |
||||
|
$MASTER_BASE_SERVICE_NAME: |
||||
|
labels: |
||||
|
- compose.config_hash=$config_hash |
||||
|
" |
@ -0,0 +1,12 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
|
||||
|
CONFIG=$SERVICE_CONFIGSTORE/etc/redis-local.conf |
||||
|
|
||||
|
set -e |
||||
|
|
||||
|
PASSWORD=$(grep ^requirepass "$CONFIG" | sed -r 's/^requirepass\s+(.+)$/\1/g') |
||||
|
|
||||
|
relation-set password "$PASSWORD" |
||||
|
|
||||
|
true |
@ -0,0 +1,9 @@ |
|||||
|
summary: "Redis server" |
||||
|
maintainer: "Valentin Lab <valentin.lab@kalysto.org>" |
||||
|
data-resources: |
||||
|
- /var/lib/redis |
||||
|
- /var/log/redis |
||||
|
config-resources: |
||||
|
- /etc/redis-local.conf |
||||
|
provides: |
||||
|
redis-database: |
Write
Preview
Loading…
Cancel
Save
Reference in new issue